FluidFS Antivirus Integration

Similar documents
Configuring Direct-Connect between a DR Series System and Backup Media Server

Lifecycle Controller with Dell Repository Manager

Shared LOM support on Modular

Setting Up Replication between Dell DR Series Deduplication Appliances with NetVault 9.2 as Backup Software

Using Dell Repository Manager with Dell OpenManage Essentials

Deploying Solaris 11 with EqualLogic Arrays

Dell Wyse Datacenter for VMware Horizon View Cloud Pod Architecture

Teradici APEX 2800 for VMware Horizon View

Access Control Policies

Dell Appliance for Wyse

Running Milestone XProtect with the Dell FS8600 Scale-out File System

Dell 1741M Converged Network Adapter FCoE Boot from SAN Guide

SUU Supporting the DUP Dependency

Deployment of Dell M6348 Blade Switch with Cisco 4900M Catalyst Switch (Simple Mode)

Using Lifecycle Controller to Configure UEFI Secure Boot and OS Deployment

Dell Networking MXL and PowerEdge I/O Aggregator with Cisco Nexus 5000 series fabric mode Config Sheets

Web Service Eventing Support for Hardware Inventory and Monitoring

Dell Networking MXL / PowerEdge I/O Aggregator with Cisco Nexus 5000 series NPV mode and Cisco MDS 9100 fabric switch Config Sheets

Wired + Wireless Cloud-managed Campus Reference Architecture

Deployment of Dell M8024-k Blade Switch in Simple Mode with Cisco Nexus 5k Switch

Performance Baseline for Deploying Microsoft SQL Server 2012 OLTP Database Applications Using EqualLogic PS Series Hybrid Storage Arrays

Dell SupportAssist Version 1.2 For Dell OpenManage Essentials Support Matrix

Dell PowerEdge R920 System Powers High Performing SQL Server Databases and Consolidates Databases

Optimizing I/O Identity and Applying Persistence Policy on Network and Fibre Channel Adapters

Remote Power Management of Dell PowerEdge M1000e with Chassis Management Controller (CMC) Using Windows Remote Management (WinRM)

Dell Data Protection for VMware Horizon View Infrastructures

Using Dell EqualLogic and Multipath I/O with Citrix XenServer 6.2

Dell PowerVault Network Attached Storage (NAS) Systems Running Windows Storage Server 2012 Troubleshooting Guide

LSI SAS i PCIe to 6Gb/s SAS HBA Running On Dell Systems Important Information

Dell OptiPlex SFF AIO Stand. User s Guide. Model: IKAIO-01 1 /13

Advanced Performance Tuning for Dell EqualLogic Auto-Replication

Dell Server PRO Management Pack for Microsoft System Center Virtual Machine Manager Installation Guide

High-Performance Graphics with VMware Horizon View 5.2

Wired + Wireless Cloud-managed Campus Deployment Guide Branch, Small Campus and Distributed Sites

Dell Server PRO Management Pack 3.0 for Microsoft System Center Virtual Machine Manager Installation Guide

Efficient Video Distribution Networks with Multicast: IGMP Querier and PIM-DM

Dell PowerEdge VRTX Networking Deployment Guide for Microsoft Lync and Dell Mobility

Setting Up the Dell DR Series System on Veeam

Release Notes. Dell Server Management Pack Suite For CPS. Version 5.1.1

FS8600 Snapshot and Volume Cloning Best Practices

Virtual Machine Protection with Dell EqualLogic Virtual Storage Manager v4.0

Dell Reseller Option Kit Important Information

OpenManage Integration for VMware vcenter Using the vsphere Client Quick Install Guide Version 2.0

Setting Up the Dell DR Series System as an NFS Target on Amanda Enterprise 3.3.5

Overview of Microsoft Private Cloud with Dell EqualLogic Storage Arrays

Dell EqualLogic Storage Management Pack Suite Version 5.0 For Microsoft System Center Operations Manager And Microsoft System Center Essentials

Setting Up the DR Series System on Veeam

VRF lite for Dell Networking N-Series

Dell PowerEdge T620 Getting Started Guide

Dell SupportAssist Version 1.2 For Dell OpenManage Essentials Quick Start Guide

Dell EqualLogic Storage Management Pack Suite Version 5.0 For Microsoft System Center Operations Manager And System Center Essentials User s Guide

Dell Server Deployment Pack Version 2.0 for Microsoft System Center Configuration Manager User's Guide

Dell Fabric Manager Deployment Guide 1.0.0

Dell SupportAssist Version For Dell OpenManage Essentials Quick Start Guide

Setting Up the DR Series System as an NFS Target on Amanda Enterprise 3.3.5

Dell Server Management Pack Suite Version For Microsoft System Center Operations Manager And System Center Essentials User s Guide

Dell PowerVault MD Storage Array Management Pack Suite Version 5.0 For Microsoft System Center Operations Manager And Microsoft System Center

Dell Server Management Pack Suite Version For Microsoft System Center Operations Manager And System Center Essentials Installation Guide

Active Fabric Manager Installation Guide 1.5

Stacking Dell PowerConnect 10G Switches: M8024-k, 8024, 8024F

Management Station Software Version 7.3 Installation Guide

Accelerate SQL Server 2014 In-Memory OLTP Performance with Dell PowerEdge R920 and Express Flash NVMe PCIe SSDs

Managing and Protecting a Windows Server Hyper-V Environment using Dell EqualLogic PS Series Storage and Tools

Reference Architecture for Dell VIS Self-Service Creator and VMware vsphere 4

Microsoft Windows Server 2012 Early Adopter Guide

Using Dell Repository Manager to Update Your Local Repository

Dell PowerEdge T420 Getting Started Guide

ClearPass NAC and Posture Assessment for Campus Networks

Dell PowerVault MD3400/3420/3800i/3820i/ 3800f/3820f Storage Arrays Getting Started Guide

Virtual Desktop Infrastructure with Dell Fluid Cache for SAN

Dell PowerEdge R720 and R720xd Getting Started Guide

Dell Management Console Best Practices

Dell PowerEdge T620 Getting Started Guide

Citrix XenDesktop with Provisioning Server for VDI on Dell Compellent SC8000 All Flash Arrays for 3,000 Users

Dell PowerVault MD3460/3860i/3860f Storage Arrays Getting Started Guide

Antivirus Solution Guide for Clustered Data ONTAP: Symantec

DELL EQUALLOGIC FS7500 INTEGRATION WITHIN A LINUX ENVIRONMENT

Dell PowerVault NX1950 configuration guide for VMware ESX Server software

Microsoft SharePoint Server 2010 on Dell Systems

Dell Repository Manager Version 1.8 Troubleshooting Guide

Dell FS8600 with VMware vsphere

Deploying Dell PowerConnect 8100 and Cisco Catalyst Switches

Deploying FCoE (FIP Snooping) on Dell PowerConnect 10G Switches: M8024-k, 8024 and 8024F. Dell Networking Solutions Engineering March 2012

VMware Infrastructure Update 1 for Dell PowerEdge Systems. Deployment Guide. support.dell.com

Dell Lifecycle Controller Integration For Microsoft System Center Configuration Manager Version Installation Guide

Configuring Symantec Protection Engine for Network Attached Storage. Dell FluidFS 5.0

Deploying High-performing SQL Server OLTP Database on PowerEdge R730xd by Using Windows Storage Spaces

Antivirus Solution Guide. NetApp Clustered Data ONTAP 8.2.1

SAN Design Best Practices for the Dell PowerEdge M1000e Blade Enclosure and EqualLogic PS Series Storage (1GbE) A Dell Technical Whitepaper

VDI with VMware Horizon View and VMware vsphere on Dell Storage PS4210XS Hybrid Storage Arrays

Remote and Branch Office Reference Architecture for VMware vsphere with Dell PowerEdge VRTX

Configuring a Microsoft Windows Server 2012/R2 Failover Cluster with Storage Center

Lifecycle Controller 2 Release 1.0 Version Readme

Deployment of VMware Infrastructure 3 on Dell PowerEdge Blade Servers

DELL POWERVAULT NX3500 INTEGRATION WITHIN A MICROSOFT WINDOWS ENVIRONMENT

Scheduled Automatic Search using Dell Repository Manager

Active Fabric Manager. Release Notes 1.5. June 2013

vstart 50 VMware vsphere Solution Specification

Dell Server PRO Management Pack for Microsoft System Center Virtual Machine Manager User's Guide

WINDOWS EMBEDDED. February Troubleshooting and Resolving Memory Issues. Copyright 2015 Dell Wyse

Transcription:

FluidFS Antivirus Integration Dell Storage Engineering May 2014 A Dell Technical Whitepaper

Revisions Date May 2014 Description Initial release THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL INACCURACIES. THE CONTENT IS PROVIDED AS IS, WITHOUT EXPRESS OR IMPLIED WARRANTIES OF ANY KIND. 2014 Dell Inc. All rights reserved. Reproduction of this material in any manner whatsoever without the express written permission of Dell Inc. is strictly forbidden. For more information, contact Dell. PRODUCT WARRANTIES APPLICABLE TO THE DELL PRODUCTS DESCRIBED IN THIS DOCUMENT MAY BE FOUND AT: http://www.dell.com/learn/us/en/19/terms-of-sale-commercial-and-public-sector Performance of network reference architectures discussed in this document may vary with differing deployment conditions, network loads, and the like. Third party products may be included in reference architectures for the convenience of the reader. Inclusion of such third party products does not necessarily constitute Dell s recommendation of those products. Please consult your Dell representative for additional information. Trademarks used in this text: Dell, the Dell logo, Dell Boomi, Dell Precision,OptiPlex, Latitude, PowerEdge, PowerVault, PowerConnect, OpenManage, EqualLogic, Compellent, KACE, FlexAddress, Force10 and Vostro are trademarks of Dell Inc. Other Dell trademarks may be used in this document. Cisco Nexus, Cisco MDS, Cisco NX- 0S, and other Cisco Catalyst are registered trademarks of Cisco System Inc. EMC VNX, and EMC Unisphere are registered trademarks of EMC Corporation. Intel, Pentium, Xeon, Core and Celeron are registered trademarks of Intel Corporation in the U.S. and other countries. AMD is a registered trademark and AMD Opteron, AMD Phenom and AMD Sempron are trademarks of Advanced Micro Devices, Inc. Microsoft, Windows, Windows Server, Internet Explorer, MS-DOS, Windows Vista and Active Directory are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. Red Hat and Red Hat Enterprise Linux are registered trademarks of Red Hat, Inc. in the United States and/or other countries. Novell and SUSE are registered trademarks of Novell Inc. in the United States and other countries. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Citrix, Xen, XenServer and XenMotion are either registered trademarks or trademarks of Citrix Systems, Inc. in the United States and/or other countries. VMware, Virtual SMP, vmotion, vcenter and vsphere are registered trademarks or trademarks of VMware, Inc. in the United States or other countries. IBM is a registered trademark of International Business Machines Corporation. Broadcom and NetXtreme are registered trademarks of Broadcom Corporation. Qlogic is a registered trademark of QLogic Corporation. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and/or names or their products and are the property of their respective owners. Dell disclaims proprietary interest in the marks and names of others. 2 BP1080 FluidFS Antivirus Integration

Table of contents Revisions... 2 Acknowledgements... 4 Feedback... 4 Executive summary... 4 1 Introduction... 5 1.1 FluidFS antivirus client overview... 5 1.1.1 Data flow during the virus scanning process... 6 1.1.2 Detailed File Access flow when antivirus scanning is configured and enabled for CIFS shares... 6 1.1.3 What triggers FluidFS to request a virus scan?... 7 1.1.4 When a virus is found... 8 1.2 Configuring the virus scan service on FluidFS... 8 1.2.1 Defining virus scanning criteria... 9 1.2.2 Antivirus server failure... 10 1.2.3 Configure antivirus settings for individual shares... 10 1.2.4 Configure antivirus scanning from FluidFS CLI... 11 1.2.5 Network topology... 12 1.3 Antivirus partners for Dell FluidFS... 13 2 Best practices for antivirus scanning... 14 3 Conclusion... 15 A Configuring Trend Micro IWSA virus scanner... 16 A.1.1 Connecting the FluidFS Appliance to the Virus Scan Service... 21 A.1.2 Verifying the virus scan... 21 3 BP1080 FluidFS Antivirus Integration

Acknowledgements Feedback This best practice white paper was produced by the following members of the Dell Storage team: Engineering: Srikanth Nandigam Technical Marketing: Chandra Mukhyala Editing: Margaret Boeneke Additional contributors: Nimrod Shavit We encourage readers of this publication to provide feedback on the quality and usefulness of this information by sending an email to SISfeedback@Dell.com. SISfeedback@Dell.com Executive summary Organizations enforce strict security policies regarding virus detection and removal. Some methods include installing an external antivirus scanning engine on every client machine and scanning them locally for viruses, or integrating storage systems with external antivirus servers and allowing external scan engines to scan files upon user access from the client machines. The most common and simple way to implement a comprehensive virus scan for data repositories stored on NAS volumes is to leverage the Internet Content Adaptation Protocol (ICAP). Dell FluidFS based NAS systems have incorporated ICAP to communicate with external scan engines for on-demand virus scanning and detection. The FluidFS ICAP integration allows FluidFS to offload virus scanning to third party antivirus servers such as McAfee, Symantec, and Trend Micro. The current ICAP integration on FluidFS provides on-demand file scanning upon file read requests from client machines. This paper provides technical information about integrating Dell FluidFS based systems with one of the external Antivirus Dell technology partners and some best practices for deploying these solutions. 4 BP1080 FluidFS Antivirus Integration

1 Introduction Data stored on any storage system needs to be protected against threats from malware and viruses. Efficient protection of data against these threats is a very important aspect of the comprehensive data protection strategy for any organization. Computer viruses, spyware, and malware can put data at risk. It is very important to protect against data corruption from malicious software for any enterprise. Dell FluidFS based NAS appliances provide protection against viruses by using an integrated on-demand virus scanning service using third party virus scanners. This service is based on the Internet Content Adaptation Protocol (ICAP) and works seamlessly with an external virus scanning engine. This external Antivirus engine runs ICAP server, which should be isolated from the FluidFS appliance and should be located on the client network of FluidFS. The solution described in this document explains the steps for configuring antivirus scanning for FluidFS. Appendix A shows the configuration for Trend Micro Interscan Web Security Appliance (IWSA) as the external virus scanning engine. IWSA scanning engine scans files for suspicious viruses and passes the scan results back to FluidFS. FluidFS makes the files accessible to users or blocks access by quarantining files for both NFS and CIFS access protocols. 1.1 FluidFS antivirus client overview Once virus scan (ICAP) servers are configured on the FluidFS cluster, virus scanning is enabled on a share by share basis. FluidFS antivirus client will not initiate virus scanning while storing (writing) files on the container. The virus scan is initiated on demand from the FluidFS client (ICAP Client) to the antivirus scanning server (ICAP server) only for files opened for read operations ( file open ). Also, file scan is triggered only when files are accessed using CIFS protocol. If files are accessed using NFS, FluidFS does not initiate a virus scan. However, if files were previously blocked by the antivirus scanner, these files are not accessible by NFS either. This provides on-demand virus scanning of files stored on FluidFS shares. Alternatively, the network share from FluidFS can be scanned by mapping it to a host server running the antivirus client and then scanning it locally manually or with a scheduled process. FluidFS antivirus service communicates with the virus scan engine using ICAP. FluidFS, in this case, acts as an ICAP client, and any external antivirus software virus scan engine acts as an ICAP server. When FluidFS triggers a virus scan by sending a request to the ICAP server, files are transmitted to the ICAP server. While the scan is in progress by the ICAP server, response to the file open request is delayed, which introduces some latency for read operations. When the virus scan engine reports that there is no virus found on the file, FluidFS provides access to the file to CIFS/NFS clients. When the virus scan engine reports a file contains a virus, FluidFS quarantines the file to prevent any further client access to the file. FluidFS antivirus service has a caching feature, which stores a local list of all files that have been scanned. If a user opens a file that has already been scanned (which is listed in the antivirus cache) and the file has not been modified since the last scan, it will provide access to the file without scanning it for a second time. This eliminates redundant scanning and improves read performance when antivirus is enabled. 5 BP1080 FluidFS Antivirus Integration

The antivirus scan engine can become a single point of failure and may prevent file access for clients when the virus scan engine does not respond to the ICAP client. To prevent this, it is important to configure FluidFS with more than one virus scan engine. 1.1.1 Data flow during the virus scanning process Step 1: Client (CIFS) attempts to open and modify an existing file. Step 2: FluidFS determines if the file needs to be scanned based on the file extension, size and scanning cache (checks if previously scanned), then it notifies the antivirus server using ICAP. Step 3: The antivirus server scans the file and sends the result (OK or Virus) to the. Step 4: Client access to the file is granted or denied based on the scan result. 1.1.2 Detailed File Access flow when antivirus scanning is configured and enabled for CIFS shares The following steps are followed when a file is accessed by a client (read) on a CIFS file share when using an external ICAP enabled antivirus server: 1. The CIFS client accesses the file from the FluidFS container from a mapped drive or via Universal Naming Convention (UNC) for example: \\FluidFS\share1\. 2. FluidFS determines, using file attributes and the file open operation request, if the file needs to be scanned. a. If no scan is needed (the file was scanned before and no updates have been made), the client is granted access and contents are returned. b. If the file needs to be scanned, a scan request is issued to the antivirus Scan Engine 3. The Virus scan engine reads the file and scans the file for a virus. 4. The scan engine responds back to FluidFS with one of the following results: a. File OK, No Virus Found. b. Virus found; file quarantined. c. Virus found; file repaired. 5. FluidFS responds back to the CIFS client with the following results: a. Client access is allowed. b. Client access is denied, and FluidFS moves the virus infected file to a quarantine folder. 6 BP1080 FluidFS Antivirus Integration

All files quarantined by the antivirus server are moved under a.quarantine\<date Stamp> folder on the FluidFS NAS container. Figure 1 Sample file list of quarantine folder There will be a file created called quarantine-list on the on the NAS volume with a folder name.quarantine\<date Stamp> with information about all viruses found and their quarantine location on FluidFS. Figure 2 Sample entries of the quarantine-list file 1.1.3 What triggers FluidFS to request a virus scan? Any read request (file open) from an SMB client on previously unscanned files Any read request (file open) from an SMB client on previously scanned files if the antivirus server updated its virus patterns or virus scan engine versions Any file operations that involve SMB client reading, such as modifying an existing file. Copying/moving files will trigger a scan request to the external AV server using ICAP FluidFS does not send a scan request upon the following conditions: 7 BP1080 FluidFS Antivirus Integration

New files are stored on FluidFS without triggering a scan request to the antivirus server. File access using NFS will not trigger scan requests. However, files marked as infected cannot be accessed over NFS. If files on FluidFS were previously scanned and no updates made to the file or antivirus server, FluidFS does not trigger a virus scan request. It allows direct access to files to CIFS/NFS clients. 1.1.4 When a virus is found The action taken on an infected file is not determined by FluidFS. The settings that affect how a virus is handled are determined by the IT administrator in the antivirus software's configuration. If it is determined a file is infected, the virus software will typically take one of two actions: it will clean or quarantine the file. Actions by the antivirus scanner when a virus is found: Clean the file: The antivirus software removes the virus and notifies FluidFS that the file is clean and allows client access to that file. Quarantine the file: The antivirus scanner quarantines the file or moves it to a special location (.quarantine folder on the share), and FluidFS denies the client access. 1.2 Configuring the virus scan service on FluidFS This section describes the sequence of steps involved in enabling and configuring the antivirus service on FS7600. 1. From the EqualLogic Group manger GUI, Select the FluidFS NAS cluster and choose Advanced settings. Under Antivirus Defaults for CIFS shares check Enable virus scanning. Once the virus scanning is enabled, configure the antivirus servers. Figure 3 Enabling antivirus scanning on FluidFS 2. Click on Configure Antivirus servers to add the IP addresses or hostnames of Antivirus scanning servers. The default port for Antivirus server is 1344, configure this to match what s been configured on antivirus server as the ICAP server port. 8 BP1080 FluidFS Antivirus Integration

Figure 4 Antivirus server configured on default port 1344 Figure 5 Adding antivirus servers on FluidFS 1.2.1 Defining virus scanning criteria The following options provide a way to exclude certain files from scanning based on file extensions, size of files and certain directory paths. 9 BP1080 FluidFS Antivirus Integration

Figure 6 Defining virus scanning criteria 1.2.2 Antivirus server failure It is recommended to configure more than one antivirus server on the FluidFS NAS cluster. If one or more antivirus scanning servers fail or are unavailable, FluidFS will continue to use the remaining scanning servers for sending the scan requests. If no scanning servers are available, CIFS shares that have antivirus enabled will deny all read requests. Alternatively, the administrator can manually disable antivirus scanning temporarily on a per CIFS share basis. When the antivirus server is back online, FluidFS resumes normal operations with virus scanning enabled. 1.2.3 Configure antivirus settings for individual shares Individual shares can have their own antivirus policies and, by default, they inherit all global settings. However, you can change these settings by going to NAS Container, and selecting CIFS shares and modifying its properties. These settings override the default settings for that particular CIFS share. This also provides a mechanism to disable antivirus settings for individual shares and manage your data protection policies at a more granular level. 10 BP1080 FluidFS Antivirus Integration

Figure 7 Configuring antivirus setting for individual FluidFS shares 1.2.4 Configure antivirus scanning from FluidFS CLI The antivirus scanning servers can also be configured using the native FluidFS CLI. Choose System -> Data-protection -> Antivirus-scanners from the CLI to add, modify or view ICAP enabled antivirus servers. Figure 8 Accessing FluidFS native CLI 11 BP1080 FluidFS Antivirus Integration

Figure 9 Configuring Antivirus from FluidFS native CLI 1.2.5 Network topology A LAN TCP/IP network connection is required for the FluidFS cluster to access the antivirus servers. For better performance, the external third party server must reside on the FluidFS client network and be accessible without any external routing. For high availability and performance, a minimum of two network interfaces are required to be connected to the same client network as FluidFS client network. More than one antivirus server is required for high availability and load balancing, so CIFS clients may continue to access files from FluidFS shares, even one of the antivirus servers is unavailable. The FluidFS antivirus service generates extra traffic on the FluidFS client network when the ICAP communication happens between FluidFS nodes and the external third party antivirus server. It is recommended to isolate the management traffic from the ICAP traffic, and use the management network for connecting to the internet for virus pattern updates. 12 BP1080 FluidFS Antivirus Integration

1.3 Antivirus partners for Dell FluidFS Dell has partnered and certified with the following external antivirus vendors. Table 1 Antivirus partners for Dell FluidFS Partner Name McAfee Symantec Trend Micro Product VirusScan Enterprise Scan Engine Interscan Web Security Appliance (IWSA) 13 BP1080 FluidFS Antivirus Integration

2 Best practices for antivirus scanning Use more than one antivirus scanning server. If one server is unavailable, FluidFS can route the scan requests to other servers and provide client access to the scanned files. Use a dedicated antivirus scanner server with adequate CPU and memory because it will have an impact on the number of antivirus requests being processed. Follow the antivirus partner design guidelines for optimal configuration. Connect the FluidFS cluster and antivirus server to the client network using at least a 1 GigE network. Measure the read performance impact on scanning large files (greater than 1 GB) and appropriately set the antivirus policies within FluidFS. Bigger files tend to take more time to read and scan and increase the response time to the CIFS/NFS clients, so consider setting limits at the FluidFS and ICAP server. Use the default ICAP port 1344 if possible. When the ICAP server port is changed, some additional steps are required on FluidFS to enable communication on the new port. These steps include reconfiguring the antivirus service on FluidFS with the new port and re-enabling antivirus for each individual CIFS share. 14 BP1080 FluidFS Antivirus Integration

3 Conclusion Antivirus client services on FluidFS can be configured to leverage ICAP enabled antivirus scanning servers from Trend Micro, Symantec, and McAfee to provide a scalable and reliable virus scanning solution for protecting valuable data stored on FluidFS storage. With this solution, you can offload the burden of scanning the files from the FluidFS cluster onto an external antivirus scanning platform. This works transparently to FluidFS clients and avoids the need to install antivirus on each client and scanning them locally for viruses. FluidFS is integrated with many antivirus vendors and thus gives the flexibility to choose the solution that suits the needs of your environment and provides the best user experience. 15 BP1080 FluidFS Antivirus Integration

A Configuring Trend Micro IWSA virus scanner The following steps are required to configure Trend Micro IWSA antivirus server in ICAP mode. 1. Once the Interscan Web Security Appliance (IWSA) server admin is logged on to the console, select Deployment Wizard under Administration. 2. Configure the ICAP port that the scanner will monitor for scan requests from FluidFS, and set the network configuration properties, like IP addresses, DNS server, and gateway. Figure 10 Configuring Trend Micro antivirus server 3. Selecting ICAP mode allows ICAP clients such as FluidFS to communicate for virus scanning. The Deployment Wizard starts with setting the mode of operation for the IWSVA server. Set the IWSVA to ICAP mode. FluidFS uses this protocol to initiate scan requests for files that should be checked for viruses. 16 BP1080 FluidFS Antivirus Integration

Figure 11 Configuring Trend Micro ICAP server 4. Enable both X-Virus-ID and X-Infection-Found header options so that the Dell FluidFS receives the needed scan results information. 5. The screenshot shows the default value of 1344 for the listening port. This is the same value as the default value used in FluidFS antivirus settings. If the value is changed here, make sure to also change it in the antivirus settings on FluidFS. 17 BP1080 FluidFS Antivirus Integration

Figure 12 Configuring ICAP headers on Trend Micro Server 6. Select a d different management network interface, by selecting a different management interface, the ICAP communication between IWSA and FluidFS is isolated on a dedicated network and the management network is dedicated for managing and monitoring the IWSA, including updating virus patterns through the internet. 18 BP1080 FluidFS Antivirus Integration

Figure 13 Configuring Networking on Trend Micro Server 7. It is a best practice to keep the time between the FluidFS and the IWSA in sync with each other so that logging information can be easily cross-referenced when needed. Therefore, it is recommended to use the same NTP server that was used for FluidFS. 19 BP1080 FluidFS Antivirus Integration

Figure 14 Configuring NTP for antivirus server 8. The Summary display allows you to verify that all settings are correct before you submit them. 20 BP1080 FluidFS Antivirus Integration

Figure 15 Deployment wizard summary A.1.1 Connecting the FluidFS Appliance to the Virus Scan Service Now that the IWSVA scan engine is up and running, you can set up FluidFS to connect to the scan engine through the ICAP interface. Follow the steps in Section A.1.2, below, to configure the antivirus interface on FluidFS. A.1.2 Verifying the virus scan To verify the correct functioning of the virus scan service, you can use virus test files from the web site www.eicar.org. Copy those files onto a test machine that you can use to access a share from the FluidFS appliance that has been set up for testing. Create a test CIFS share on the FluidFS appliance and enable the virus scan option for that share Map the share on a client you can use for copying the virus test files onto the share. Download the EICAR test files and copy them to a directory on the CIFS share. Add one or more regular text files as well so you can see the difference in behavior when accessing infected files and non-infected files. After copying, try to access the files and observe that access to files detected as containing a virus is denied. 21 BP1080 FluidFS Antivirus Integration

The next step is to check the dashboard and the logging details of the IWSA to see if the files containing viruses were detected. EqualLogic Group manager monitoring also logs all entries related to virus detection in its event log. Figure 16 FluidFS event log entries showing virus files 22 BP1080 FluidFS Antivirus Integration

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback